<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
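/**
 * Data-access helper for the general_product table (columns referenced in
 * this file: id, pName, pType, category).
 *
 * Every statement is built by string interpolation and run through the
 * legacy ext/mysql API (mysql_query), so the safety of each query depends
 * entirely on the escaping applied to the interpolated pieces:
 *
 *  - Values are placed inside single quotes after escaping.
 *  - Column names are NOT quoted, so string escaping cannot protect them;
 *    they are matched against a fixed allow-list instead (see columnName()).
 *
 * NOTE(review): escape_string() is called as a free function and its return
 * value is discarded. That only sanitises the variable if escape_string()
 * takes its argument by reference -- its definition is not in this file, so
 * confirm against CustomSecurity. If it returns the escaped copy, every
 * value below reaches the query unescaped.
 *
 * NOTE(review): ext/mysql was removed in PHP 7.0. The durable fix is to move
 * to mysqli or PDO with prepared statements, which removes the reliance on
 * manual escaping altogether.
 */
class GenProduct extends CustomSecurity {

	/** Column names that may be interpolated into a statement as identifiers. */
	private static $columns = array('id', 'pName', 'pType', 'category');


	/***********************************
	 * Constructor: PHP4-style constructor. The $db argument is accepted but
	 *              not used; the queries rely on the default ext/mysql link.
	 ************************************/
	function GenProduct($db){
	}


	/***********************************
	 * ColumnName:  Maps a caller-supplied column name onto the allow-list.
	 * Parameters:  (String) Requested column name
	 * Return:      (String) Canonical column name | False - not an allowed column
	 ************************************/
	private function columnName($name){

		if (!is_string($name)) {
			return false;
		}

		// MySQL column names are case-insensitive, so compare that way and
		// hand back the canonical spelling; only these literals ever reach SQL.
		// Extend self::$columns if the table has columns not referenced here.
		foreach (self::$columns as $allowed) {
			if (strcasecmp($allowed, $name) === 0) {
				return $allowed;
			}
		}

		return false;

	}//End columnName()


	/***********************************
	 * Add:         Inserts a new record into the table.
	 * Parameters:  $pName, $pType, $category
	 * Return:      (Boolean) True - Successfully Inserted | False - Error
	 ************************************/
	function add($pName, $pType, $category){

		// See the class-level note: effective only if escape_string() works by reference.
		escape_string($pName);
		escape_string($pType);
		escape_string($category);

		$statement = "INSERT INTO general_product (pName, pType, category) VALUES ('$pName', '$pType', '$category');";
		$results   = mysql_query($statement);

		return $results ? true : false;

	}//End add()


	/***********************************
	 * Remove:      Deletes the record whose id matches the given value.
	 * Parameters:  (Int) Primary Key Value
	 * Return:      (Boolean) True - Successfully Removed | False - Error
	 ************************************/
	function remove($primaryKeyValue){

		// See the class-level note: effective only if escape_string() works by reference.
		escape_string($primaryKeyValue);

		$statement = "DELETE FROM general_product WHERE id = '$primaryKeyValue'";
		$results   = mysql_query($statement);

		return $results ? true : false;

	}//End remove()


	/***********************************
	 * Update:      Updates one column of the record(s) matched by a key column.
	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
	 * Return:      (Boolean) True - Successfully Updated | False - Error
	 *              (also False when either column name is not on the allow-list)
	 ************************************/
	function update($primaryKeyName, $primaryKeyValue, $columnNameToUpdate, $columnValue){

		// Both names are interpolated as bare identifiers, where quote-escaping
		// gives no protection; reject anything that is not a known column.
		$keyColumn    = $this->columnName($primaryKeyName);
		$targetColumn = $this->columnName($columnNameToUpdate);
		if ($keyColumn === false || $targetColumn === false) {
			return false;
		}

		// See the class-level note: effective only if escape_string() works by reference.
		escape_string($primaryKeyValue);
		escape_string($columnValue);

		$statement = "UPDATE general_product SET $targetColumn = '$columnValue' WHERE $keyColumn = '$primaryKeyValue'";
		$results   = mysql_query($statement);

		return $results ? true : false;

	}//End update()


	/***********************************
	 * GetAll:      Selects pName, pType and category for every record.
	 * Parameters:  NA
	 * Return:      The raw mysql_query() result (not passed through
	 *              transformResults(), unlike the other getters)
	 ************************************/
	function getAll(){

		// Static statement: nothing caller-controlled is interpolated.
		$statement = "SELECT pName, pType, category FROM general_product";
		$results   = mysql_query($statement);

		return $results;

	}//End getAll()


	/***********************************
	 * GetAllAdmin: Selects every record including its id.
	 * Parameters:  NA
	 * Return:      Result of transformResults() for id, pName, pType, category
	 ************************************/
	function getAllAdmin(){

		// Static statement: nothing caller-controlled is interpolated.
		$statement = "SELECT id, pName, pType, category FROM general_product";
		$results   = mysql_query($statement);

		$tokens = array('id', 'pName', 'pType', 'category');

		return transformResults($results, $tokens);

	}//End getAllAdmin()


	/***********************************
	 * GetByCategory: Selects records ordered by pName, filtered by the category
	 *                stored in $_SESSION['selCompCateg'] unless it is unset or
	 *                equals the "ВСИЧКИ" (all) sentinel.
	 * Parameters:    NA (reads $_SESSION['selCompCateg'])
	 * Return:        Result of transformResults() for pName, pType, category
	 ************************************/
	function getByCategory(){

		$category = isset($_SESSION['selCompCateg']) ? $_SESSION['selCompCateg'] : null;

		if ($category !== null && strcasecmp($category, "ВСИЧКИ") != 0){
			// The session value originates from a user selection and was
			// previously concatenated into the query unescaped. Escape a local
			// copy so the session itself is left untouched.
			// Caveat: mysql_real_escape_string() honours the connection charset
			// only when it was set with mysql_set_charset(), not "SET NAMES".
			$category  = mysql_real_escape_string((string)$category);
			$statement = "SELECT pName, pType, category FROM general_product WHERE category = '".$category."' ORDER BY pName ASC";
		} else {
			$statement = "SELECT pName, pType, category FROM general_product ORDER BY pName ASC";
		}

		$results = mysql_query($statement);

		$tokens = array('pName', 'pType', 'category');

		return transformResults($results, $tokens);

	}//End getByCategory()


	/***********************************
	 * GetAll_Plus_Koichestvo: Selects pName together with vid_kolichestvo from
	 *                         the vid_kolichestvo table, joined on
	 *                         gp.pType = vk.vid_kolichestvo.
	 * Parameters:  NA
	 * Return:      Result of transformResults() for pName, vid_kolichestvo
	 ************************************/
	function getAll_Plus_Koichestvo(){

		// Static statement: nothing caller-controlled is interpolated.
		$statement = "SELECT pName, vk.vid_kolichestvo FROM general_product gp INNER JOIN vid_kolichestvo vk ON gp.pType = vk.vid_kolichestvo";
		$results   = mysql_query($statement);

		$tokens = array('pName', 'vid_kolichestvo');

		return transformResults($results, $tokens);

	}//End getAll_Plus_Koichestvo()


	/***********************************
	 * GetObject:   Returns the record(s) matched by a key column and value.
	 * Parameters:  (String) Primary Key Column Name | (Int) Primary Key Value
	 * Return:      Result of transformResults() for id, pName, pType, category
	 ************************************/
	function getObject($primaryKeyName, $primaryKeyValue){

		$tokens = array('id', 'pName', 'pType', 'category');

		// The column name is interpolated as a bare identifier; only names on
		// the allow-list are accepted. A rejected name is reported the same way
		// a failed query is: transformResults() receives false.
		$keyColumn = $this->columnName($primaryKeyName);
		if ($keyColumn === false) {
			return transformResults(false, $tokens);
		}

		// See the class-level note: effective only if escape_string() works by reference.
		escape_string($primaryKeyValue);

		$statement = "SELECT id, pName, pType, category FROM general_product WHERE ".$keyColumn." = '".$primaryKeyValue."'";
		$results   = mysql_query($statement);

		return transformResults($results, $tokens);

	}//End getObject()


	/***********************************
	 * GetProduct:  Returns the pName of the record with the given id.
	 * Parameters:  (Int) Primary Key Value
	 * Return:      Result of transformResults() for pName
	 ************************************/
	function getProduct($primaryKeyValue){

		// See the class-level note: effective only if escape_string() works by reference.
		escape_string($primaryKeyValue);

		$statement = "SELECT pName FROM general_product WHERE id = '".$primaryKeyValue."'";
		$results   = mysql_query($statement);

		$tokens = array('pName');

		return transformResults($results, $tokens);

	}//End getProduct()

}//End Class GenProduct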
?>